The Hacker News — Cyber Security, Hacking, Technology News

Staysure, a UK based Insurance company has suffered a massive data breach. More than 93,000 customers' sensitive financial data may have been compromised by unknown hackers.

We became aware of the problem on November 14, and quickly informed the relevant card issuing bodies and subsequently The Financial Conduct Authority, the Information Commissioner’s Office and the Police.

The company notified that their systems have suffered cyber attack during the second half of October 2013 and Customers' Data including names, addresses, payment card details and CVV numbers has stolen.

In that attack, encrypted payment card details of customers who purchased insurance from us before May 2012 were stolen, along with CVV details and customer names and addresses. From May 2012 we ceased to store this data.

Credit card details were encrypted, but the CVV number was in the clear text, which is not good. Now this is not confirmed that their encryption implementation was secure or not. However if the payment card number is encrypted, then a hacker couldn’t get the encrypted card number back so they couldn’t use the CVV number anyway.

We immediately removed the software and systems that the attackers exploited, and we are confident that we are taking the right steps to protect our customers in the future.

Now any affected customers are being given free access to an identity monitoring service. The company has hired an Independent forensic data experts to fully ascertain the problem.

"The truth is coming, and it cannot be stopped", Edward Snowden. The National Security Agency isn’t just snooping into phone and online communications. It also appears to be keeping a close eye on credit card transactions.

New reports published by Der Spiegel exposed that The National Security Agency (NSA) is widely monitoring SWIFT bank transactions, International Credit Card Payments and banking, attained by watching printer traffic from numerous banks.

According to the information acquired by former NSA contractor Edward Snowden, Show that in 2011, the NSA possessed 180 million records and spying is conducted by a branch called "Follow the Money. That data then moved to their own'Tracfin' financial databank to track money flows.

NSA targets the transactions of various banks via large credit card companies like VISA by doing surveillance in Europe, Middle East and Africa. Some 84 percent of the data are from credit card transactions.

"The NSA's Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely."

The presumed purpose of NSA’s credit card tracking is to help it stop terrorism, but this poses a significant privacy threat. The NSA is able to get the names of individual account holders from banks issuing credit cards.

One pain point for merchants, especially those outside the United States, is that they are already wary of the federal government accessing sensitive data. Now they exactly know that who you are. The NSA already has your social media profile information, phone call records, and email correspondence metadata etc.

The goal was to collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions, according to the Slides obtained.